Sorry. Forgot to reply-all.

Before iptables.conf runs it calls iptables-common.conf and in iptables.conf it calls the parameter <iptables> and not the iptables command itself. The <iptables> parameter is set in iptables-common.conf. As I use an epel/el6 version I think mine is different to the standard release but I'm pretty sure you'll find the -w switch in there where it sets the <iptables> variable.

Looking at the el7 files, <iptables> is set in iptables-common.conf to "iptables <lockingopt>". <lockingopt> is set to "-w" and this is what you need to remove, presumably setting it to blank or nothing, so, create a file iptables-common.local with a single line in it:

lockingopt =

This should override the default. If it does not work change the line to:

lockingopt = ""

Nick

On 27/11/2015 16:46, Nick Howitt wrote:
The clue is in the error message. Your version of iptables does not support the -w switch so you'll need to remove it from your action.d/iptables.conf. Earlier versions of f2b did not use the -w switch. You may also want to change iptables-multiport.conf. Really the recommended way is to create a new file, action.d/iptables.local and make the changes there. That way you leave the original installation intact.

Regards,

Nick

On 27/11/2015 14:19, Thomas Doczkal wrote:
Hello,

I have a strange issue here.
iptables installed are Version iptables v1.4.14.
I haven't changed the action.d/iptables.conf.
I have installed the latest version fail2ban-client 0.9.3 and configured
ssh-iptables as follows

####################################
[ssh-iptables]
enabled  = true
bantime  = 36000
ignoreip = 127.0.0.1

filter   = sshd
action   = "" port=ssh, protocol=tcp]
#          mail-whois[name=SSH, [email protected]]
#logpath  = /var/log/sshd.log
logpath  = /var/log/auth.log
maxretry = 3
####################################

I can see failed entries and banned ips but iptables are not changed.

One of the attacker IPs is 74.208.47.218

I have the following in my fail2ban.log file.
I did an unban with fail2ban-client and received the following output:

####################################
2015-11-25 19:16:47,463 fail2ban.actions        [26745]: NOTICE
[ssh-iptables] Unban 74.208.47.218
2015-11-25 19:16:47,599 fail2ban.action         [26745]: ERROR  iptables
-w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stdout: ''
2015-11-25 19:16:47,603 fail2ban.action         [26745]: ERROR  iptables
-w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stderr: 'iptables
v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\'
for more information.\n'
2015-11-25 19:16:47,607 fail2ban.action         [26745]: ERROR  iptables
-w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- returned 1
2015-11-25 19:16:47,610 fail2ban.CommandAction  [26745]: ERROR
Invariant check failed. Trying to restore a sane environment
2015-11-25 19:16:47,746 fail2ban.action         [26745]: ERROR  iptables
-w -D INPUT -p tcp --dport ssh -j f2b-SSH
iptables -w -F f2b-SSH
iptables -w -X f2b-SSH -- stdout: ''
2015-11-25 19:16:47,750 fail2ban.action         [26745]: ERROR  iptables
-w -D INPUT -p tcp --dport ssh -j f2b-SSH
iptables -w -F f2b-SSH
iptables -w -X f2b-SSH -- stderr: 'iptables v1.4.14: unknown option
"-w"\nTry `iptables -h\' or \'iptables --help\' for more
information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\'
or \'iptables --help\' for more information.\niptables v1.4.14: unknown
option "-w"\nTry `iptables -h\' or \'iptables --help\' for more
information.\n'
2015-11-25 19:16:47,754 fail2ban.action         [26745]: ERROR  iptables
-w -D INPUT -p tcp --dport ssh -j f2b-SSH
iptables -w -F f2b-SSH
iptables -w -X f2b-SSH -- returned 2
2015-11-25 19:16:47,758 fail2ban.actions        [26745]: ERROR   Failed
to execute unban jail 'ssh-iptables' action 'iptables' info '{'matches':
'Nov 25 15:35:35 homeserver01 sshd[31789]: Invalid user pi from
74.208.47.218Nov 25 15:35:38 homeserver01 sshd[31793]: Invalid user pi
from 74.208.47.218Nov 25 15:35:39 homeserver01 sshd[31795]: Invalid user
pi from 74.208.47.218Nov 25 15:35:41 homeserver01 sshd[31797]: Invalid
user pi from 74.208.47.218Nov 25 15:35:42 homeserver01 sshd[31799]:
Invalid user pi from 74.208.47.218', 'ip': '74.208.47.218', 'time':
1448474683.343454, 'failures': 5}': Error stopping action
####################################

Same if I try to ban the IP manually:
####################################
2015-11-25 19:40:21,364 fail2ban.actions        [26745]: NOTICE
[ssh-iptables] Ban 74.208.47.218
2015-11-25 19:40:21,501 fail2ban.action         [26745]: ERROR  iptables
-w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stdout: ''
2015-11-25 19:40:21,506 fail2ban.action         [26745]: ERROR  iptables
-w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- stderr: 'iptables
v1.4.14: unknown option "-w"\nTry `iptables -h\' or \'iptables --help\'
for more information.\n'
2015-11-25 19:40:21,509 fail2ban.action         [26745]: ERROR  iptables
-w -n -L INPUT | grep -q 'f2b-SSH[ \t]' -- returned 1
2015-11-25 19:40:21,513 fail2ban.CommandAction  [26745]: ERROR
Invariant check failed. Trying to restore a sane environment
2015-11-25 19:40:21,650 fail2ban.action         [26745]: ERROR  iptables
-w -D INPUT -p tcp --dport ssh -j f2b-SSH
iptables -w -F f2b-SSH
iptables -w -X f2b-SSH -- stdout: ''
2015-11-25 19:40:21,654 fail2ban.action         [26745]: ERROR  iptables
-w -D INPUT -p tcp --dport ssh -j f2b-SSH
iptables -w -F f2b-SSH
iptables -w -X f2b-SSH -- stderr: 'iptables v1.4.14: unknown option
"-w"\nTry `iptables -h\' or \'iptables --help\' for more
information.\niptables v1.4.14: unknown option "-w"\nTry `iptables -h\'
or \'iptables --help\' for more information.\niptables v1.4.14: unknown
option "-w"\nTry `iptables -h\' or \'iptables --help\' for more
information.\n'
2015-11-25 19:40:21,658 fail2ban.action         [26745]: ERROR  iptables
-w -D INPUT -p tcp --dport ssh -j f2b-SSH
iptables -w -F f2b-SSH
iptables -w -X f2b-SSH -- returned 2
2015-11-25 19:40:21,661 fail2ban.actions        [26745]: ERROR   Failed
to execute ban jail 'ssh-iptables' action 'iptables' info
'CallingMap({'ipjailmatches': <function <lambda> at 0xb66644b0>,
'matches': '', 'ip': '74.208.47.218', 'ipmatches': <function <lambda> at
0xb6664470>, 'ipfailures': <function <lambda> at 0xb6664430>, 'time':
1448476821.364055, 'failures': 3, 'ipjailfailures': <function <lambda>
at 0xb66643f0>})': Error stopping action
####################################

I haven't changed the action.d/iptables.conf.


Any idea where I have to delete the unknown option -w?
I have tried to grep for -w but could not find a way to escape - so I
had no luck with this.

Many thanks in advance.

Best Regards,
Thomas

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
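
The check and override discussed in this thread, as an added shell example that is not part of the original messages or of fail2ban itself: it finds the -w references Thomas was trying to grep for, tests whether the local iptables accepts -w, and writes iptables-common.local only when it does not. The function names are hypothetical, and the [Init] header assumes lockingopt is defined in that section of iptables-common.conf.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are passed as arguments.

# List action-file lines that pass -w. A pattern starting with '-' must follow
# -e (or '--'), otherwise grep parses it as one of its own options.
find_wait_flag() {
    grep -rnE -e '-w([[:space:]"]|$)' "$1"
}

# 0 = iptables accepts -w, 1 = rejects it ("unknown option"), 2 = undetermined.
# Runs the same read-only listing as the failing check in the log above.
iptables_supports_wait() {
    ipt="${1:-iptables}"
    out=$("$ipt" -w -n -L INPUT 2>&1 >/dev/null) && return 0
    case "$out" in
        *"unknown option"*) return 1 ;;
    esac
    return 2   # e.g. not root: the failure says nothing about -w
}

# Write <action_dir>/iptables-common.local blanking lockingopt, but only when
# the installed iptables rejects -w. The shipped .conf files stay untouched.
write_lockingopt_override() {
    action_dir="$1"; ipt="${2:-iptables}"
    rc=0
    iptables_supports_wait "$ipt" || rc=$?
    case "$rc" in
        0) echo "supported" ;;
        1) # Assumption: lockingopt lives in the [Init] section of
           # iptables-common.conf, so the override repeats that header.
           printf '[Init]\nlockingopt =\n' > "$action_dir/iptables-common.local"
           echo "override-written" ;;
        *) echo "undetermined"; return 1 ;;
    esac
}

# Usage (as root; /etc/fail2ban/action.d is the typical path, an assumption),
# then reload fail2ban so the action is re-read:
#   write_lockingopt_override /etc/fail2ban/action.d
```

After the override is in place, a manual ban followed by listing the f2b chain confirms that the firewall really changed, since the NOTICE "Ban" line in fail2ban.log is written even when the iptables call fails.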

